5.1
CVE-2006-3014
- EPSS 30.1%
- Veröffentlicht 22.06.2006 00:06:00
- Zuletzt bearbeitet 16.06.2026 22:26:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 30.1% | 0.98 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html
http://hackingspirits.com/vuln-rnd/vuln-rnd.html
http://secunia.com/advisories/21865
http://secunia.com/advisories/22882
http://securitytracker.com/id?1016344
http://www.adobe.com/support/security/bulletins/apsb06-11.html
http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
http://www.securityfocus.com/bid/18583
http://www.securityfocus.com/bid/19980
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
http://www.vupen.com/english/advisories/2006/3573
http://www.vupen.com/english/advisories/2006/3577
http://www.vupen.com/english/advisories/2006/4507
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
https://exchange.xforce.ibmcloud.com/vulnerabilities/27312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538